When it comes to securing Windows Systems, it doesn’t matter if you harden a Domain Controller, a server system or a client – one thing they all have in common:
There are baselines provided by Microsoft, which security settings should be applied for each system.

Amongst others, there are some audit recommendations included.

I often work with customers who just started building their Security Operations Center (SOC). Many customers are confused by the variety of Windows Events: which events should be monitored? Which events will be generated when a specific baseline is applied?

Writing down each event and monitoring recommendations would be a huge effort. That’s why I automated it and created EventList – I hope, it helps you, too! (more…)

I was giving a talk about Just Enough Administration (JEA) at PSConfEU 2018 in Hannover and I also wanted to share my thoughts with you writing this blog post.

My PSConfEU presentation and demo code can be found on GitHub. The recording on the session will be released soon on the official PSConfEU YouTube channel (I will update this link, once the recording of my session is released). (more…)

When performing Security checks in customer environments I often find out that LAN Manager or NTLMv1 is still allowed. Most customers don’t know that this setting leaves the environment highly vulnerable to attacks targeting their authentication methods.

Why you should not use LAN Manager and NTLMv1 anymore you will read in this article. (more…)